mirror of https://github.com/rust-lang/cargo
Add a warning when using `registry.token` with source replacement.
This commit is contained in:
parent
b4c374039f
commit
65274ea7d5
|
@ -22,7 +22,7 @@ path = "src/cargo/lib.rs"
|
|||
atty = "0.2"
|
||||
bytesize = "1.0"
|
||||
cargo-platform = { path = "crates/cargo-platform", version = "0.1.1" }
|
||||
crates-io = { path = "crates/crates-io", version = "0.31" }
|
||||
crates-io = { path = "crates/crates-io", version = "0.31.1" }
|
||||
crossbeam-utils = "0.7"
|
||||
crypto-hash = "0.3.1"
|
||||
curl = { version = "0.4.23", features = ["http2"] }
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
[package]
|
||||
name = "crates-io"
|
||||
version = "0.31.0"
|
||||
version = "0.31.1"
|
||||
edition = "2018"
|
||||
authors = ["Alex Crichton <alex@alexcrichton.com>"]
|
||||
license = "MIT OR Apache-2.0"
|
||||
|
|
|
@ -139,9 +139,7 @@ impl Registry {
|
|||
}
|
||||
|
||||
pub fn host_is_crates_io(&self) -> bool {
|
||||
Url::parse(self.host())
|
||||
.map(|u| u.host_str() == Some("crates.io"))
|
||||
.unwrap_or(false)
|
||||
is_url_crates_io(&self.host)
|
||||
}
|
||||
|
||||
pub fn add_owners(&mut self, krate: &str, owners: &[&str]) -> Result<String> {
|
||||
|
@ -420,3 +418,10 @@ fn reason(code: u32) -> &'static str {
|
|||
_ => "<unknown>",
|
||||
}
|
||||
}
|
||||
|
||||
/// Returns `true` if the host of the given URL is "crates.io".
|
||||
pub fn is_url_crates_io(url: &str) -> bool {
|
||||
Url::parse(url)
|
||||
.map(|u| u.host_str() == Some("crates.io"))
|
||||
.unwrap_or(false)
|
||||
}
|
||||
|
|
|
@ -7,7 +7,7 @@ use std::time::Duration;
|
|||
use std::{cmp, env};
|
||||
|
||||
use anyhow::{bail, format_err};
|
||||
use crates_io::{NewCrate, NewCrateDependency, Registry};
|
||||
use crates_io::{self, NewCrate, NewCrateDependency, Registry};
|
||||
use curl::easy::{Easy, InfoType, SslOpt, SslVersion};
|
||||
use log::{log, Level};
|
||||
use percent_encoding::{percent_encode, NON_ALPHANUMERIC};
|
||||
|
@ -378,27 +378,8 @@ fn registry(
|
|||
token: token_config,
|
||||
index: index_config,
|
||||
} = registry_configuration(config, registry.clone())?;
|
||||
let token = match (&index, &token, &token_config) {
|
||||
// No token.
|
||||
(None, None, None) => {
|
||||
if validate_token {
|
||||
bail!("no upload token found, please run `cargo login` or pass `--token`");
|
||||
}
|
||||
None
|
||||
}
|
||||
// Token on command-line.
|
||||
(_, Some(_), _) => token,
|
||||
// Token in config, no --index, loading from config is OK for crates.io.
|
||||
(None, None, Some(_)) => token_config,
|
||||
// --index, no --token
|
||||
(Some(_), None, _) => {
|
||||
if validate_token {
|
||||
bail!("command-line argument --index requires --token to be specified")
|
||||
}
|
||||
None
|
||||
}
|
||||
};
|
||||
let sid = get_source_id(config, index_config.or(index), registry)?;
|
||||
let opt_index = index_config.as_ref().or(index.as_ref());
|
||||
let sid = get_source_id(config, opt_index, registry.as_ref())?;
|
||||
if !sid.is_remote_registry() {
|
||||
bail!(
|
||||
"{} does not support API commands.\n\
|
||||
|
@ -426,6 +407,50 @@ fn registry(
|
|||
cfg.and_then(|cfg| cfg.api)
|
||||
.ok_or_else(|| format_err!("{} does not support API commands", sid))?
|
||||
};
|
||||
let token = match (&index, &token, &token_config) {
|
||||
// No token.
|
||||
(None, None, None) => {
|
||||
if validate_token {
|
||||
bail!("no upload token found, please run `cargo login` or pass `--token`");
|
||||
}
|
||||
None
|
||||
}
|
||||
// Token on command-line.
|
||||
(_, Some(_), _) => token,
|
||||
// Token in config, no --index, loading from config is OK for crates.io.
|
||||
(None, None, Some(_)) => {
|
||||
// Check `is_default_registry` so that the crates.io index can
|
||||
// change config.json's "api" value, and this won't affect most
|
||||
// people. It will affect those using source replacement, but
|
||||
// hopefully that's a relatively small set of users.
|
||||
if registry.is_none()
|
||||
&& !sid.is_default_registry()
|
||||
&& !crates_io::is_url_crates_io(&api_host)
|
||||
{
|
||||
if validate_token {
|
||||
config.shell().warn(
|
||||
"using `registry.token` config value with source \
|
||||
replacement is deprecated\n\
|
||||
This may become a hard error in the future; \
|
||||
see <https://github.com/rust-lang/cargo/issues/xxx>.\n\
|
||||
Use the --token command-line flag to remove this warning.",
|
||||
)?;
|
||||
token_config
|
||||
} else {
|
||||
None
|
||||
}
|
||||
} else {
|
||||
token_config
|
||||
}
|
||||
}
|
||||
// --index, no --token
|
||||
(Some(_), None, _) => {
|
||||
if validate_token {
|
||||
bail!("command-line argument --index requires --token to be specified")
|
||||
}
|
||||
None
|
||||
}
|
||||
};
|
||||
let handle = http_handle(config)?;
|
||||
Ok((Registry::new_handle(api_host, token, handle), sid))
|
||||
}
|
||||
|
@ -782,8 +807,8 @@ pub fn yank(
|
|||
/// If both are None, returns the source for crates.io.
|
||||
fn get_source_id(
|
||||
config: &Config,
|
||||
index: Option<String>,
|
||||
reg: Option<String>,
|
||||
index: Option<&String>,
|
||||
reg: Option<&String>,
|
||||
) -> CargoResult<SourceId> {
|
||||
match (reg, index) {
|
||||
(Some(r), _) => SourceId::alt_registry(config, &r),
|
||||
|
|
|
@ -144,6 +144,9 @@ fn old_token_location() {
|
|||
.with_stderr(&format!(
|
||||
"\
|
||||
[UPDATING] `{reg}` index
|
||||
[WARNING] using `registry.token` config value with source replacement is deprecated
|
||||
This may become a hard error in the future[..]
|
||||
Use the --token command-line flag to remove this warning.
|
||||
[WARNING] manifest has no documentation, [..]
|
||||
See [..]
|
||||
[PACKAGING] foo v0.0.1 ([CWD])
|
||||
|
@ -1273,6 +1276,8 @@ fn index_requires_token() {
|
|||
// --index will not load registry.token to avoid possibly leaking
|
||||
// crates.io token to another server.
|
||||
registry::init();
|
||||
let credentials = paths::home().join(".cargo/credentials");
|
||||
fs::remove_file(&credentials).unwrap();
|
||||
|
||||
let p = project()
|
||||
.file(
|
||||
|
@ -1292,6 +1297,47 @@ fn index_requires_token() {
|
|||
p.cargo("publish --no-verify --index")
|
||||
.arg(registry_url().to_string())
|
||||
.with_status(101)
|
||||
.with_stderr("[ERROR] command-line argument --index requires --token to be specified")
|
||||
.with_stderr(
|
||||
"\
|
||||
[UPDATING] [..]
|
||||
[ERROR] command-line argument --index requires --token to be specified
|
||||
",
|
||||
)
|
||||
.run();
|
||||
}
|
||||
|
||||
#[cargo_test]
|
||||
fn registry_token_with_source_replacement() {
|
||||
// publish with source replacement without --token
|
||||
registry::init();
|
||||
|
||||
let p = project()
|
||||
.file(
|
||||
"Cargo.toml",
|
||||
r#"
|
||||
[project]
|
||||
name = "foo"
|
||||
version = "0.0.1"
|
||||
authors = []
|
||||
license = "MIT"
|
||||
description = "foo"
|
||||
"#,
|
||||
)
|
||||
.file("src/lib.rs", "")
|
||||
.build();
|
||||
|
||||
p.cargo("publish --no-verify")
|
||||
.with_stderr(
|
||||
"\
|
||||
[UPDATING] [..]
|
||||
[WARNING] using `registry.token` config value with source replacement is deprecated
|
||||
This may become a hard error in the future[..]
|
||||
Use the --token command-line flag to remove this warning.
|
||||
[WARNING] manifest has no documentation, [..]
|
||||
See [..]
|
||||
[PACKAGING] foo v0.0.1 ([CWD])
|
||||
[UPLOADING] foo v0.0.1 ([CWD])
|
||||
",
|
||||
)
|
||||
.run();
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue